<!DOCTYPE html>












  


<html class="theme-next pisces use-motion" lang="zh-CN">
<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">






















<link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css?v=4.7.0">

<link rel="stylesheet" href="/css/main.css?v=7.1.2">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=7.1.2">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=7.1.2">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=7.1.2">


  <link rel="mask-icon" href="/images/logo.svg?v=7.1.2" color="#222">







<script id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Pisces',
    version: '7.1.2',
    sidebar: {"position":"left","display":"post","offset":12,"onmobile":false,"dimmer":false},
    back2top: true,
    back2top_sidebar: false,
    fancybox: false,
    fastclick: false,
    lazyload: false,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>


  




  <meta name="description" content="文件传输协议 为了解决在复杂多样的设备之间的文件传输问题  FTP是一种基于客户端/服务器模式的文件传输协议，默认使用20、21号端口  端口20（数据端口）用于进行数据传输（目录列表，数据）  端口21（命令端口）用于接收客户端发出的相关FTP命令与参数  FTP服务器普遍部署于内网中，特点：容易搭建、方便管理  有些FTP客户端工具支持文件的多点下载以及断电续传技术">
<meta name="keywords" content="Vsftpd,TFTP,FTP">
<meta property="og:type" content="article">
<meta property="og:title" content="使用vsftpd服务传输文件">
<meta property="og:url" content="https://lzz001.gitee.io/2019/08/13/使用vsftpd服务传输文件/index.html">
<meta property="og:site_name" content="小智的博客">
<meta property="og:description" content="文件传输协议 为了解决在复杂多样的设备之间的文件传输问题  FTP是一种基于客户端/服务器模式的文件传输协议，默认使用20、21号端口  端口20（数据端口）用于进行数据传输（目录列表，数据）  端口21（命令端口）用于接收客户端发出的相关FTP命令与参数  FTP服务器普遍部署于内网中，特点：容易搭建、方便管理  有些FTP客户端工具支持文件的多点下载以及断电续传技术">
<meta property="og:locale" content="zh-CN">
<meta property="og:image" content="https://gitee.com/lzz001/img/raw/master/FTP/FTP%E8%BF%9E%E6%8E%A5%E8%BF%87%E7%A8%8B.png">
<meta property="og:updated_time" content="2019-08-13T13:24:51.519Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="使用vsftpd服务传输文件">
<meta name="twitter:description" content="文件传输协议 为了解决在复杂多样的设备之间的文件传输问题  FTP是一种基于客户端/服务器模式的文件传输协议，默认使用20、21号端口  端口20（数据端口）用于进行数据传输（目录列表，数据）  端口21（命令端口）用于接收客户端发出的相关FTP命令与参数  FTP服务器普遍部署于内网中，特点：容易搭建、方便管理  有些FTP客户端工具支持文件的多点下载以及断电续传技术">
<meta name="twitter:image" content="https://gitee.com/lzz001/img/raw/master/FTP/FTP%E8%BF%9E%E6%8E%A5%E8%BF%87%E7%A8%8B.png">





  
  
  <link rel="canonical" href="https://lzz001.gitee.io/2019/08/13/使用vsftpd服务传输文件/">



<script id="page.configurations">
  CONFIG.page = {
    sidebar: "",
  };
</script>

  <title>使用vsftpd服务传输文件 | 小智的博客</title>
  













  <noscript>
  <style>
  .use-motion .motion-element,
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-title { opacity: initial; }

  .use-motion .logo,
  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-CN">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>
	
    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta">
    

    <div class="custom-logo-site-title">
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">小智的博客</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
    
      
        <p class="site-subtitle">慢即是快</p>
      
    
    
  </div>

</div>






  



</div>
    </header>

    


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          
            

          
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  

  <article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="https://lzz001.gitee.io/2019/08/13/使用vsftpd服务传输文件/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="小智">
      <meta itemprop="description" content="Java,Linux,Mysql">
      <meta itemprop="image" content="/images/zhi.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="小智的博客">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">使用vsftpd服务传输文件

              
            
          </h1>
        

        <div class="post-meta">

          
          
          

          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              

              
                
              

              <time title="创建时间：2019-08-13 16:35:24 / 修改时间：21:24:51" itemprop="dateCreated datePublished" datetime="2019-08-13T16:35:24+08:00">2019-08-13</time>
            </span>
          

          
            

            
          

          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/Linux/" itemprop="url" rel="index"><span itemprop="name">Linux</span></a></span>

                
                
              
            </span>
          

          
            
            
          

          
          

          
          

          <br>
          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <h2 id="文件传输协议"><a href="#文件传输协议" class="headerlink" title="文件传输协议"></a>文件传输协议</h2><ul>
<li><p>为了解决在复杂多样的设备之间的文件传输问题</p>
</li>
<li><p>FTP是一种基于<strong>客户端/服务器</strong>模式的文件传输协议，默认使用20、21号端口</p>
</li>
<li><p><strong>端口20</strong>（数据端口）用于进行数据传输（目录列表，数据）</p>
</li>
<li><p><strong>端口21</strong>（命令端口）用于接收客户端发出的相关FTP命令与参数</p>
</li>
<li><p>FTP服务器普遍部署于内网中，特点：容易搭建、方便管理</p>
</li>
<li><p>有些FTP客户端工具支持文件的多点下载以及断点续传技术</p>
</li>
</ul>
<a id="more"></a>

<ul>
<li><p>FTP协议传输拓扑图：</p>
<p><img src="https://gitee.com/lzz001/img/raw/master/FTP/FTP%E8%BF%9E%E6%8E%A5%E8%BF%87%E7%A8%8B.png" alt="FTP协议传输拓扑图"></p>
</li>
<li><p>FTP服务器是按照<strong>FTP协议</strong>在互联网上<strong>提供文件存储和访问服务</strong>的主机</p>
</li>
<li><p>FTP客户端是向服务器发送连接请求，以建立数据传输链路的主机</p>
</li>
<li><p>FTP协议有两种工作模式：</p>
<blockquote>
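<p><strong>主动模式：</strong>FTP服务器主动向客户端发起数据连接请求（服务器从20端口连接到客户端指定的端口）</p>
<p><strong>被动模式：</strong>FTP服务器等待客户端发起数据连接请求（FTP的默认工作模式；服务器在一个临时端口上监听，由客户端来连接）</p>
</blockquote>
<p>防火墙一般是用于过滤从外网进入内网的流量：被动模式下的数据连接对服务器一侧来说是入站流量，若服务器前的防火墙没有放行被动模式使用的数据端口，有时候需将FTP的工作模式设置为主动模式才可传输数据；反之，客户端位于防火墙或NAT之后时，主动模式下由服务器发起的数据连接会被拦截，此时应使用被动模式</p>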
</li>
<li><p><strong>vsftpd</strong>（very secure ftp daemon，非常安全的FTP守护进程）是一款运行在Linux操作系统上的FTP服务程序，特点：安全开源免费，具有很高的安全性、传输速度以及支持虚拟用户验证等其它FTP服务程序不具备的特点</p>
</li>
</ul>
<h2 id="安装vsftpd服务程序"><a href="#安装vsftpd服务程序" class="headerlink" title="安装vsftpd服务程序"></a>安装vsftpd服务程序</h2><ol>
<li><strong>yum安装vsftpd服务程序</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> yum install -y vsftpd</span><br></pre></td></tr></table></figure>

<ol start="2">
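<li><p><strong>清空iptables防火墙的默认策略，保存当前状态</strong></p>
<p>iptables防火墙工具默认禁止了FTP传输协议的端口，此操作可避免配置vsftpd服务程序时被默认的防火墙策略影响。注意：<code>iptables -F</code> 清空的是filter表中的全部规则，而不是只放行FTP端口；如果各链的默认策略是ACCEPT，保存之后所有入站流量都会被放行，因此这一步只适合隔离的实验环境，对外提供服务的主机应保留原有规则、仅放行FTP所需的端口</p>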
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> iptables -F</span><br><span class="line"><span class="meta">#</span> service iptables save</span><br><span class="line">iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><strong>查看vsftpd服务程序的主配置文件（/etc/vsftpd/vsftpd.conf）</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span 
class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span 
class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> cat -n /etc/vsftpd/vsftpd.conf</span><br><span class="line">     1	# Example config file /etc/vsftpd/vsftpd.conf</span><br><span class="line">     2	#</span><br><span class="line">     3	# The default compiled in settings are fairly paranoid. This sample file</span><br><span class="line">     4	# loosens things up a bit, to make the ftp daemon more usable.</span><br><span class="line">     5	# Please see vsftpd.conf.5 for all compiled in defaults.</span><br><span class="line">     6	#</span><br><span class="line">     7	# READ THIS: This example file is NOT an exhaustive list of vsftpd options.</span><br><span class="line">     8	# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's</span><br><span class="line">     9	# capabilities.</span><br><span class="line">    10	#</span><br><span class="line">    11	# Allow anonymous FTP? (Beware - allowed by default if you comment this out).</span><br><span class="line">    12	anonymous_enable=YES</span><br><span class="line">    13	#</span><br><span class="line">    14	# Uncomment this to allow local users to log in.</span><br><span class="line">    15	# When SELinux is enforcing check for SE bool ftp_home_dir</span><br><span class="line">    16	local_enable=YES</span><br><span class="line">    17	#</span><br><span class="line">    18	# Uncomment this to enable any form of FTP write command.</span><br><span class="line">    19	write_enable=YES</span><br><span class="line">    20	#</span><br><span class="line">    21	# Default umask for local users is 077. 
You may wish to change this to 022,</span><br><span class="line">    22	# if your users expect that (022 is used by most other ftpd's)</span><br><span class="line">    23	local_umask=022</span><br><span class="line">    24	#</span><br><span class="line">    25	# Uncomment this to allow the anonymous FTP user to upload files. This only</span><br><span class="line">    26	# has an effect if the above global write enable is activated. Also, you will</span><br><span class="line">    27	# obviously need to create a directory writable by the FTP user.</span><br><span class="line">    28	# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access</span><br><span class="line">    29	#anon_upload_enable=YES</span><br><span class="line">    30	#</span><br><span class="line">    31	# Uncomment this if you want the anonymous FTP user to be able to create</span><br><span class="line">    32	# new directories.</span><br><span class="line">    33	#anon_mkdir_write_enable=YES</span><br><span class="line">    34	#</span><br><span class="line">    35	# Activate directory messages - messages given to remote users when they</span><br><span class="line">    36	# go into a certain directory.</span><br><span class="line">    37	dirmessage_enable=YES</span><br><span class="line">    38	#</span><br><span class="line">    39	# Activate logging of uploads/downloads.</span><br><span class="line">    40	xferlog_enable=YES</span><br><span class="line">    41	#</span><br><span class="line">    42	# Make sure PORT transfer connections originate from port 20 (ftp-data).</span><br><span class="line">    43	connect_from_port_20=YES</span><br><span class="line">    44	#</span><br><span class="line">    45	# If you want, you can arrange for uploaded anonymous files to be owned by</span><br><span class="line">    46	# a different user. Note! 
Using "root" for uploaded files is not</span><br><span class="line">    47	# recommended!</span><br><span class="line">    48	#chown_uploads=YES</span><br><span class="line">    49	#chown_username=whoever</span><br><span class="line">    50	#</span><br><span class="line">    51	# You may override where the log file goes if you like. The default is shown</span><br><span class="line">    52	# below.</span><br><span class="line">    53	#xferlog_file=/var/log/xferlog</span><br><span class="line">    54	#</span><br><span class="line">    55	# If you want, you can have your log file in standard ftpd xferlog format.</span><br><span class="line">    56	# Note that the default log file location is /var/log/xferlog in this case.</span><br><span class="line">    57	xferlog_std_format=YES</span><br><span class="line">    58	#</span><br><span class="line">    59	# You may change the default value for timing out an idle session.</span><br><span class="line">    60	#idle_session_timeout=600</span><br><span class="line">    61	#</span><br><span class="line">    62	# You may change the default value for timing out a data connection.</span><br><span class="line">    63	#data_connection_timeout=120</span><br><span class="line">    64	#</span><br><span class="line">    65	# It is recommended that you define on your system a unique user which the</span><br><span class="line">    66	# ftp server can use as a totally isolated and unprivileged user.</span><br><span class="line">    67	#nopriv_user=ftpsecure</span><br><span class="line">    68	#</span><br><span class="line">    69	# Enable this and the server will recognise asynchronous ABOR requests. Not</span><br><span class="line">    70	# recommended for security (the code is non-trivial). 
Not enabling it,</span><br><span class="line">    71	# however, may confuse older FTP clients.</span><br><span class="line">    72	#async_abor_enable=YES</span><br><span class="line">    73	#</span><br><span class="line">    74	# By default the server will pretend to allow ASCII mode but in fact ignore</span><br><span class="line">    75	# the request. Turn on the below options to have the server actually do ASCII</span><br><span class="line">    76	# mangling on files when in ASCII mode.</span><br><span class="line">    77	# Beware that on some FTP servers, ASCII support allows a denial of service</span><br><span class="line">    78	# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd</span><br><span class="line">    79	# predicted this attack and has always been safe, reporting the size of the</span><br><span class="line">    80	# raw file.</span><br><span class="line">    81	# ASCII mangling is a horrible feature of the protocol.</span><br><span class="line">    82	#ascii_upload_enable=YES</span><br><span class="line">    83	#ascii_download_enable=YES</span><br><span class="line">    84	#</span><br><span class="line">    85	# You may fully customise the login banner string:</span><br><span class="line">    86	#ftpd_banner=Welcome to blah FTP service.</span><br><span class="line">    87	#</span><br><span class="line">    88	# You may specify a file of disallowed anonymous e-mail addresses. Apparently</span><br><span class="line">    89	# useful for combatting certain DoS attacks.</span><br><span class="line">    90	#deny_email_enable=YES</span><br><span class="line">    91	# (default follows)</span><br><span class="line">    92	#banned_email_file=/etc/vsftpd/banned_emails</span><br><span class="line">    93	#</span><br><span class="line">    94	# You may specify an explicit list of local users to chroot() to their home</span><br><span class="line">    95	# directory. 
If chroot_local_user is YES, then this list becomes a list of</span><br><span class="line">    96	# users to NOT chroot().</span><br><span class="line">    97	# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that</span><br><span class="line">    98	# the user does not have write access to the top level directory within the</span><br><span class="line">    99	# chroot)</span><br><span class="line">   100	#chroot_local_user=YES</span><br><span class="line">   101	#chroot_list_enable=YES</span><br><span class="line">   102	# (default follows)</span><br><span class="line">   103	#chroot_list_file=/etc/vsftpd/chroot_list</span><br><span class="line">   104	#</span><br><span class="line">   105	# You may activate the "-R" option to the builtin ls. This is disabled by</span><br><span class="line">   106	# default to avoid remote users being able to cause excessive I/O on large</span><br><span class="line">   107	# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume</span><br><span class="line">   108	# the presence of the "-R" option, so there is a strong case for enabling it.</span><br><span class="line">   109	#ls_recurse_enable=YES</span><br><span class="line">   110	#</span><br><span class="line">   111	# When "listen" directive is enabled, vsftpd runs in standalone mode and</span><br><span class="line">   112	# listens on IPv4 sockets. This directive cannot be used in conjunction</span><br><span class="line">   113	# with the listen_ipv6 directive.</span><br><span class="line">   114	listen=NO</span><br><span class="line">   115	#</span><br><span class="line">   116	# This directive enables listening on IPv6 sockets. By default, listening</span><br><span class="line">   117	# on the IPv6 "any" address (::) will accept connections from both IPv6</span><br><span class="line">   118	# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6</span><br><span class="line">   119	# sockets. 
If you want that (perhaps because you want to listen on specific</span><br><span class="line">   120	# addresses) then you must run two copies of vsftpd with two configuration</span><br><span class="line">   121	# files.</span><br><span class="line">   122	# Make sure, that one of the listen options is commented !!</span><br><span class="line">   123	listen_ipv6=YES</span><br><span class="line">   124	</span><br><span class="line">   125	pam_service_name=vsftpd</span><br><span class="line">   126	userlist_enable=YES</span><br><span class="line">   127	tcp_wrappers=YES</span><br></pre></td></tr></table></figure>

<ol start="4">
<li><strong>备份vsftpd的主配置文件并将注释信息去掉</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak</span><br><span class="line"><span class="meta">#</span> grep -v "#" /etc/vsftpd/vsftpd.conf_bak &gt; /etc/vsftpd/vsftpd.conf</span><br><span class="line"><span class="meta">#</span> cat /etc/vsftpd/vsftpd.conf</span><br><span class="line">anonymous_enable=YES</span><br><span class="line">local_enable=YES</span><br><span class="line">write_enable=YES</span><br><span class="line">local_umask=022</span><br><span class="line">dirmessage_enable=YES</span><br><span class="line">xferlog_enable=YES</span><br><span class="line">connect_from_port_20=YES</span><br><span class="line">xferlog_std_format=YES</span><br><span class="line">listen=NO</span><br><span class="line">listen_ipv6=YES</span><br><span class="line">pam_service_name=vsftpd</span><br><span class="line">userlist_enable=YES</span><br><span class="line">tcp_wrappers=YES</span><br></pre></td></tr></table></figure>

<h2 id="Vsftpd服务程序的三种认证模式"><a href="#Vsftpd服务程序的三种认证模式" class="headerlink" title="Vsftpd服务程序的三种认证模式"></a>Vsftpd服务程序的三种认证模式</h2><p>vsftpd作为更加安全的文件传输服务程序，允许用户以三种认证模式登录到FTP服务器上。三种模式的区别在于账户来源以及账户被攻破后的影响范围；未启用SSL/TLS时，无论采用哪种模式，FTP的口令和数据都是以明文传输的</p>
<blockquote>
<p><strong>匿名开放模式</strong>：是一种最不安全的认证模式，任何人都可以无需密码验证而直接登录到FTP服务器</p>
<p><strong>本地用户模式</strong>：是通过Linux系统本地的账户密码信息进行认证的模式，相较于匿名开放模式更安全，而且配置起来也很简单。但是如果被黑客破解了账户的信息，就可以畅通无阻地登录FTP服务器，从而完全控制整台服务器</p>
<p><strong>虚拟用户模式</strong>：是这三种模式中最安全的一种认证模式，它需要为FTP服务单独建立用户数据库文件，虚拟出用来进行口令验证的账户信息，而这些账户信息在服务器系统中实际上是不存在的，仅供FTP服务程序进行认证使用。这样，即使黑客破解了账户信息也无法登录服务器，从而有效降低了破坏范围和影响</p>
</blockquote>
<p>安装ftp——Linux系统中以命令行界面的方式来管理FTP传输服务的客户端工具</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> yum install -y ftp</span><br></pre></td></tr></table></figure>

<h3 id="匿名访问模式"><a href="#匿名访问模式" class="headerlink" title="匿名访问模式"></a>匿名访问模式</h3><ol>
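<li><p><strong>开放匿名用户的上传、下载文件的权限，以及让匿名用户创建、删除、更名文件的权限</strong></p>
<p>下面配置中各行末尾的“#”注释只是对参数的讲解，不要原样写入配置文件：vsftpd.conf中的注释必须独占一行并以“#”开头，参数值后面跟有空格或其他文字会导致vsftpd解析配置出错。另外，这组参数允许任何人无需口令即可上传、改名和删除文件，只适合在隔离的实验环境中练习</p>
</li>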
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/vsftpd.conf</span><br><span class="line">anonymous_enable=YES  #允许匿名访问模式</span><br><span class="line">anon_umask=022   #匿名用户上传文件的umask值</span><br><span class="line">anon_upload_enable=YES  #允许匿名用户上传文件</span><br><span class="line">anon_mkdir_write_enable=YES  #允许匿名用户创建目录</span><br><span class="line">anon_other_write_enable=YES  #允许匿名用户修改目录名称或删除目录</span><br><span class="line">local_enable=YES</span><br><span class="line">write_enable=YES</span><br><span class="line">local_umask=022</span><br><span class="line">dirmessage_enable=YES</span><br><span class="line">xferlog_enable=YES</span><br><span class="line">connect_from_port_20=YES</span><br><span class="line">xferlog_std_format=YES</span><br><span class="line">listen=NO</span><br><span class="line">listen_ipv6=YES</span><br><span class="line">pam_service_name=vsftpd</span><br><span class="line">userlist_enable=YES</span><br><span class="line">tcp_wrappers=YES</span><br></pre></td></tr></table></figure>

<ol start="2">
<li><strong>重启vsftpd，并加入开机启动项</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> systemctl restart vsftpd</span><br><span class="line"><span class="meta">#</span> systemctl enable vsftpd</span><br><span class="line">ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><p><strong>尝试创建一个新的目录文件，以检验是否拥有写入权限，发现创建失败</strong></p>
<p>匿名开放认证模式下，其账号为：anonymous或ftp，密码为空<br>默认的访问目录是 /var/ftp</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): anonymous</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> cd pub</span><br><span class="line">250 Directory successfully changed.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files</span><br><span class="line">550 Create directory operation failed.</span><br><span class="line"><span class="meta">ftp&gt;</span> exit</span><br></pre></td></tr></table></figure>

<ol start="4">
<li><strong>查看目录的写入权限，修改目录的所有者为ftp，再次尝试还是失败</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> ls -ld /var/ftp/pub</span><br><span class="line">drwxr-xr-x. 2 root root 6 Mar  7  2014 /var/ftp/pub</span><br><span class="line"><span class="meta">#</span> chown -Rf ftp /var/ftp/pub</span><br><span class="line"><span class="meta">#</span> ls -ld /var/ftp/pub</span><br><span class="line">drwxr-xr-x. 
2 ftp root 6 Mar  7  2014 /var/ftp/pub</span><br><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): anonymous</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> cd pub</span><br><span class="line">250 Directory successfully changed.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files</span><br><span class="line">550 Create directory operation failed.</span><br><span class="line"><span class="meta">ftp&gt;</span> exit</span><br></pre></td></tr></table></figure>

<ol start="5">
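<li><p><strong>修改SELinux中与ftp有关的策略规则，并用-P参数使其永久生效，再次尝试后顺利写入文件</strong></p>
<p>ftpd_full_access会让vsftpd不再受SELinux文件类型的限制，放开的范围远大于匿名写入所需，适合实验环境；若只需匿名上传，可改为开启ftpd_anon_write，并将上传目录的SELinux类型设为public_content_rw_t</p>
</li>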
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> getsebool -a | grep ftp</span><br><span class="line">ftp_home_dir --&gt; off</span><br><span class="line">ftpd_anon_write --&gt; off</span><br><span class="line">ftpd_connect_all_unreserved --&gt; off</span><br><span class="line">ftpd_connect_db --&gt; off</span><br><span class="line">ftpd_full_access --&gt; off</span><br><span class="line">ftpd_use_cifs --&gt; off</span><br><span class="line">ftpd_use_fusefs --&gt; off</span><br><span class="line">ftpd_use_nfs --&gt; off</span><br><span class="line">ftpd_use_passive_mode --&gt; off</span><br><span class="line">httpd_can_connect_ftp --&gt; off</span><br><span class="line">httpd_enable_ftp_server --&gt; off</span><br><span class="line">sftpd_anon_write --&gt; off</span><br><span class="line">sftpd_enable_homedirs 
--&gt; off</span><br><span class="line">sftpd_full_access --&gt; off</span><br><span class="line">sftpd_write_ssh_home --&gt; off</span><br><span class="line">tftp_anon_write --&gt; off</span><br><span class="line">tftp_home_dir --&gt; off</span><br><span class="line"><span class="meta">#</span> setsebool -P ftpd_full_access=on</span><br><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): anonumous</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> cd pub</span><br><span class="line">250 Directory successfully changed.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files</span><br><span class="line">257 "/pub/files" created</span><br><span class="line"><span class="meta">ftp&gt;</span> exit</span><br><span class="line">221 Goodbye.</span><br></pre></td></tr></table></figure>

<h3 id="本地用户模式"><a href="#本地用户模式" class="headerlink" title="本地用户模式"></a>本地用户模式</h3><ol>
<li><strong>关闭匿名开放模式，开启本地用户模式</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/vsftpd.conf</span><br><span class="line">anonymous_enable=NO #禁止匿名访问模式</span><br><span class="line">local_enable=YES  #允许本地用户模式</span><br><span class="line">write_enable=YES  #设置可写权限</span><br><span class="line">local_umask=022  #本地用户模式创建的umask值</span><br><span class="line">dirmessage_enable=YES</span><br><span class="line">xferlog_enable=YES</span><br><span class="line">connect_from_port_20=YES</span><br><span class="line">xferlog_std_format=YES</span><br><span class="line">listen=NO</span><br><span class="line">listen_ipv6=YES</span><br><span class="line">pam_service_name=vsftpd</span><br><span class="line"><span class="meta">#</span>userlist_deny=YES  #启用“禁止用户名单”，名单文件为ftpusers和user_list</span><br><span class="line">userlist_enable=YES  #开启用户作用名单文件功能</span><br><span class="line">tcp_wrappers=YES</span><br></pre></td></tr></table></figure>

<ol start="2">
<li><strong>重启vsftpd服务程序【并加入开机启动项】</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> systemctl restart vsftpd</span><br><span class="line"><span class="meta">#</span> systemctl enable vsftpd</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><p><strong>为实现root管理员登录FTP服务器，需删除“用户名单”文件（ftpusers和user_list）里的root用户名</strong></p>
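<p>vsftpd服务程序为了保证服务器的安全性，默认禁止了root管理员和大多数系统用户的登录行为，这可有效避免黑客通过FTP服务对root管理员密码进行暴力破解。另外，FTP的用户名和密码以明文传输，因此把root从这两个文件中删除的做法只适合实验环境</p>
<p>vsftpd服务程序目录中的ftpusers和user_list这两个文件的功能——只要里面写有某个用户的名字，就不再允许这个用户登录到FTP服务器上（user_list的这一行为对应默认的userlist_deny=YES；若设为NO，则变为只允许名单内的用户登录）</p>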
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/user_list</span><br><span class="line">  1 # vsftpd userlist</span><br><span class="line">  2 # If userlist_deny=NO, only allow users in this file</span><br><span class="line">  3 # If userlist_deny=YES (default), never allow users in this file, and</span><br><span class="line">  4 # do not even prompt for a password.</span><br><span class="line">  5 # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers</span><br><span class="line">  6 # for users that are denied.</span><br><span class="line">  7 bin</span><br><span class="line">  8 daemon</span><br><span class="line">  9 adm</span><br><span class="line"> 10 lp</span><br><span class="line"> 11 sync</span><br><span class="line"> 12 
shutdown</span><br><span class="line"> 13 halt</span><br><span class="line"> 14 mail</span><br><span class="line"> 15 news</span><br><span class="line"> 16 uucp</span><br><span class="line"> 17 operator</span><br><span class="line"> 18 games</span><br><span class="line"> 19 nobody</span><br><span class="line"><span class="meta">#</span> vim /etc/vsftpd/ftpusers</span><br><span class="line">  1 # Users that are not allowed to login via ftp</span><br><span class="line">  2 bin</span><br><span class="line">  3 daemon</span><br><span class="line">  4 adm</span><br><span class="line">  5 lp</span><br><span class="line">  6 sync</span><br><span class="line">  7 shutdown</span><br><span class="line">  8 halt</span><br><span class="line">  9 mail</span><br><span class="line"> 10 news</span><br><span class="line"> 11 uucp</span><br><span class="line"> 12 operator</span><br><span class="line"> 13 games</span><br><span class="line"> 14 nobody</span><br></pre></td></tr></table></figure>

<ol start="4">
<li><strong>root用户名登录FTP服务器，执行文件的创建、重命名及删除等命令</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): root</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files</span><br><span class="line">257 "/root/files" created</span><br><span class="line"><span class="meta">ftp&gt;</span> rename files database</span><br><span class="line">350 Ready for RNTO.</span><br><span class="line">250 Rename successful.</span><br><span class="line"><span class="meta">ftp&gt;</span> rmdir database</span><br><span class="line">250 Remove directory operation successful.</span><br><span class="line"><span class="meta">ftp&gt;</span> exit</span><br><span class="line">221 Goodbye.</span><br></pre></td></tr></table></figure>

<p><strong>说明：</strong>由于在匿名访问模式中已经开启了SELinux域对FTP服务的允许策略，所以此处可省略</p>
<h3 id="虚拟用户模式"><a href="#虚拟用户模式" class="headerlink" title="虚拟用户模式"></a>虚拟用户模式</h3><ol>
<li><p><strong>创建用于进行FTP认证的用户数据库文件，奇数行为 账户名，偶数行为 密码</strong></p>
<p>这里分别创建zhangsan和lisi两个用户，密码均为redhat</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/vuser.list</span><br><span class="line">zhangsan</span><br><span class="line">redhat</span><br><span class="line">lisi</span><br><span class="line">redhat</span><br></pre></td></tr></table></figure>

<ol start="2">
<li><p><strong>使用<code>db_load</code>命令用哈希（hash）算法将原始的明文信息文件转换成数据库文件，并降低数据库文件的权限，然后再把原始的明文信息文件删除</strong></p>
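<p>明文信息文件既不安全，也不符合让vsftpd服务程序直接加载的格式，因此需转为数据库文件。注意这里的 <code>-t hash</code> 指的是Berkeley DB的哈希表存储格式，并不会对密码做单向散列，vuser.db中保存的仍是明文密码，所以要像下面那样用chmod 600限制该文件的读取权限</p>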
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> cd /etc/vsftpd/</span><br><span class="line"><span class="meta">#</span> db_load -T -t hash -f vuser.list vuser.db</span><br><span class="line"><span class="meta">#</span> file vuser.db </span><br><span class="line">vuser.db: Berkeley DB (Hash, version 9, native byte-order)</span><br><span class="line"><span class="meta">#</span> chmod 600 vuser.db </span><br><span class="line"><span class="meta">#</span> rm -f vuser.list</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><p><strong>创建vsftpd服务程序用于存储文件的根目录以及虚拟用户映射的系统本地用户</strong></p>
<p>将系统本地用户的家目录设置为/var/ftproot（/var目录用来存放经常发生改变的数据），同时为了安全起见，将系统本地用户设置为不允许登录FTP服务器，这不会影响虚拟用户登录，且还可避免黑客通过系统本地用户进行登录</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> useradd -d /var/ftproot -s /sbin/nologin virtual</span><br><span class="line"><span class="meta">#</span> ls -ld /var/ftproot/</span><br><span class="line">drwx------. 3 virtual virtual 74 Aug 13 04:01 /var/ftproot/</span><br><span class="line"><span class="meta">#</span> chmod -Rf 755 /var/ftproot/</span><br></pre></td></tr></table></figure>

<ol start="4">
<li><p><strong>建立用于支持虚拟用户的PAM文件vsftpd.vu</strong></p>
<p>PAM文件内的“db=”参数为使用db_load命令生成的账户密码数据库文件的路径，不用写数据库文件的后缀</p>
<blockquote>
<p>PAM是一组安全机制的模块，系统管理员可以用来轻易地调整服务程序的认证方式，而不必对应用程序进行任何修改</p>
</blockquote>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/pam.d/vsftpd.vu</span><br><span class="line">auth       required     pam_userdb.so db=/etc/vsftpd/vuser</span><br><span class="line">account    required     pam_userdb.so db=/etc/vsftpd/vuser</span><br></pre></td></tr></table></figure>

<ol start="5">
<li><strong>将vsftpd服务程序的主配置文件中的pam_service_name参数（PAM认证文件的名称）修改为vsftpd.vu，并配置相应参数</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/vsftpd.conf </span><br><span class="line">  1 anonymous_enable=NO  #禁止匿名开放模式</span><br><span class="line">  2 local_enable=YES  #允许本地用户模式</span><br><span class="line">  3 guest_enable=YES  #开启虚拟用户模式</span><br><span class="line">  4 guest_username=virtual  #指定虚拟用户账户</span><br><span class="line">  5 allow_writeable_chroot=YES  #允许对禁锢的FTP根目录执行写入操作，且不拒绝用户的登录请求</span><br><span class="line">  6 write_enable=YES</span><br><span class="line">  7 local_umask=022</span><br><span class="line">  8 dirmessage_enable=YES</span><br><span class="line">  9 xferlog_enable=YES</span><br><span class="line"> 10 connect_from_port_20=YES</span><br><span class="line"> 11 xferlog_std_format=YES</span><br><span class="line"> 12 listen=NO</span><br><span class="line"> 13 listen_ipv6=YES</span><br><span class="line"> 14 pam_service_name=vsftpd.vu  #指定PAM文件</span><br><span class="line"> 15 userlist_enable=YES</span><br><span class="line"> 16 tcp_wrappers=YES</span><br></pre></td></tr></table></figure>

<ol start="6">
<li><p><strong>为虚拟用户设置不同的权限，张三允许上传、创建、修改、查看、删除文件，李四只允许查看文件</strong></p>
<p>在/etc/vsftpd/vusers_dir/目录中创建两个以zhangsan和lisi命名的文件（下面的touch和vim需在该目录内执行），在名为zhangsan的文件中写入允许的相关权限（使用匿名用户的参数）；lisi文件留空，因此只有查看权限</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> mkdir /etc/vsftpd/vusers_dir/</span><br><span class="line"><span class="meta">#</span> touch lisi</span><br><span class="line"><span class="meta">#</span> vim zhangsan</span><br><span class="line">anon_upload_enable=YES</span><br><span class="line">anon_mkdir_write_enable=YES</span><br><span class="line">anon_other_write_enable=YES</span><br></pre></td></tr></table></figure>

<ol start="7">
<li><strong>修改vsftpd主配置文件，添加user_config_dir参数，并重启vsftpd服务</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/vsftpd/vsftpd.conf</span><br><span class="line">anonymous_enable=NO</span><br><span class="line">local_enable=YES</span><br><span class="line">guest_enable=YES</span><br><span class="line">guest_username=virtual</span><br><span class="line">allow_writeable_chroot=YES</span><br><span class="line">write_enable=YES</span><br><span class="line">local_umask=022</span><br><span class="line">dirmessage_enable=YES</span><br><span class="line">xferlog_enable=YES</span><br><span class="line">connect_from_port_20=YES</span><br><span class="line">xferlog_std_format=YES</span><br><span class="line">listen=NO</span><br><span class="line">listen_ipv6=YES</span><br><span class="line">pam_service_name=vsftpd.vu</span><br><span class="line">userlist_enable=YES</span><br><span class="line">tcp_wrappers=YES</span><br><span class="line">user_config_dir=/etc/vsftpd/vusers_dir  #指定虚拟用户不同权限的配置文件所存放的路径</span><br><span class="line"><span class="meta">#</span> systemctl restart vsftpd</span><br></pre></td></tr></table></figure>

<ol start="8">
<li><strong>设置SELinux域允许策略，并使用虚拟用户模式登录FTP服务器验证</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> getsebool -a | grep ftp</span><br><span class="line">ftp_home_dir --&gt; off</span><br><span class="line">ftpd_anon_write --&gt; off</span><br><span class="line">ftpd_connect_all_unreserved --&gt; 
off</span><br><span class="line">ftpd_connect_db --&gt; off</span><br><span class="line">ftpd_full_access --&gt; on</span><br><span class="line">ftpd_use_cifs --&gt; off</span><br><span class="line">ftpd_use_fusefs --&gt; off</span><br><span class="line">ftpd_use_nfs --&gt; off</span><br><span class="line">ftpd_use_passive_mode --&gt; off</span><br><span class="line">httpd_can_connect_ftp --&gt; off</span><br><span class="line">httpd_enable_ftp_server --&gt; off</span><br><span class="line">sftpd_anon_write --&gt; off</span><br><span class="line">sftpd_enable_homedirs --&gt; off</span><br><span class="line">sftpd_full_access --&gt; off</span><br><span class="line">sftpd_write_ssh_home --&gt; off</span><br><span class="line">tftp_anon_write --&gt; off</span><br><span class="line">tftp_home_dir --&gt; off</span><br><span class="line"><span class="meta">#</span> setsebool -P ftpd_full_access=on</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): zhangsan</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files</span><br><span class="line">257 "/files" created</span><br><span class="line"><span class="meta">ftp&gt;</span> rename files database</span><br><span class="line">350 Ready for RNTO.</span><br><span class="line">250 Rename successful.</span><br><span class="line"><span class="meta">ftp&gt;</span> rmdir database</span><br><span class="line">250 Remove directory operation successful.</span><br><span class="line"><span class="meta">ftp&gt;</span> 
exit</span><br><span class="line">221 Goodbye.</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span> ftp 192.168.40.131</span><br><span class="line">Connected to 192.168.40.131 (192.168.40.131).</span><br><span class="line">220 (vsFTPd 3.0.2)</span><br><span class="line">Name (192.168.40.131:root): lisi</span><br><span class="line">331 Please specify the password.</span><br><span class="line">Password:</span><br><span class="line">230 Login successful.</span><br><span class="line">Remote system type is UNIX.</span><br><span class="line">Using binary mode to transfer files.</span><br><span class="line"><span class="meta">ftp&gt;</span> mkdir files1</span><br><span class="line">550 Permission denied.</span><br><span class="line"><span class="meta">ftp&gt;</span> exit</span><br><span class="line">221 Goodbye.</span><br></pre></td></tr></table></figure>

<h2 id="TFTP简单文件传输协议"><a href="#TFTP简单文件传输协议" class="headerlink" title="TFTP简单文件传输协议"></a>TFTP简单文件传输协议</h2><ul>
<li>简单文件传输协议（Trivial File Transfer Protocol，TFTP）是一种基于<strong>UDP协议</strong>在客户端和服务器之间进行简单文件传输的协议</li>
<li>提供不复杂、开销不大的文件传输服务（可将其当作FTP协议的简化版本）</li>
<li>TFTP的命令功能不如FTP服务强大，甚至不能遍历目录，在安全性方面也弱于FTP服务</li>
<li>TFTP在传输文件时采用的是UDP协议，占用的端口号为69</li>
<li>TFTP不需要客户端的权限认证，减少了无谓的系统和网络带宽消耗，在传输琐碎（trivial）不大的文件时，效率很高；但也正因为没有认证，任何能访问该端口的主机都可以读取根目录下的文件，因此应只在受信任的网络中开放</li>
<li>TFTP的根目录为/var/lib/tftpboot</li>
</ul>
<ol>
<li><strong>安装TFTP软件包</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> yum install -y tftp-server tftp</span><br></pre></td></tr></table></figure>

<ol start="2">
<li><p><strong>在xinetd服务程序中将TFTP服务开启，即把默认的禁用（disable）参数修改为no</strong></p>
<p>在RHEL 7系统中，TFTP服务是使用xinetd服务程序来管理的。xinetd服务可用来管理多种轻量级的网络服务，且具有强大的日志功能</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> vim /etc/xinetd.d/tftp</span><br><span class="line"><span class="meta">#</span> default: off</span><br><span class="line"><span class="meta">#</span> description: The tftp server serves files using the trivial file transfer \</span><br><span class="line"><span class="meta">#</span>       protocol.  
The tftp protocol is often used to boot diskless \</span><br><span class="line"><span class="meta">#</span>       workstations, download configuration files to network-aware printers, \</span><br><span class="line"><span class="meta">#</span>       and to start the installation process for some operating systems.</span><br><span class="line">service tftp</span><br><span class="line">&#123;</span><br><span class="line">        socket_type             = dgram</span><br><span class="line">        protocol                = udp</span><br><span class="line">        wait                    = yes</span><br><span class="line">        user                    = root</span><br><span class="line">        server                  = /usr/sbin/in.tftpd</span><br><span class="line">        server_args             = -s /var/lib/tftpboot</span><br><span class="line">        disable                 = no</span><br><span class="line">        per_source              = 11</span><br><span class="line">        cps                     = 100 2</span><br><span class="line">        flags                   = IPv4</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><strong>重启xinetd服务并加入到开机启动项，然后手动将UDP协议的端口号69加入到防火墙的允许策略</strong></li>
</ol>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> systemctl restart xinetd</span><br><span class="line"><span class="meta">#</span> systemctl enable xinetd</span><br><span class="line"><span class="meta">#</span> firewall-cmd --permanent --add-port=69/udp</span><br><span class="line">success</span><br><span class="line"><span class="meta">#</span> firewall-cmd --reload</span><br><span class="line">success</span><br></pre></td></tr></table></figure>

<ol start="4">
<li><strong>tftp命令中可用的参数以及作用</strong></li>
</ol>
<table>
<thead>
<tr>
<th>命令</th>
<th>作用</th>
</tr>
</thead>
<tbody><tr>
<td>?</td>
<td>帮助信息</td>
</tr>
<tr>
<td>put</td>
<td>上传文件</td>
</tr>
<tr>
<td>get</td>
<td>下载文件</td>
</tr>
<tr>
<td>verbose</td>
<td>显示详细的处理信息</td>
</tr>
<tr>
<td>status</td>
<td>显示当前的状态信息</td>
</tr>
<tr>
<td>binary</td>
<td>使用二进制进行传输</td>
</tr>
<tr>
<td>ascii</td>
<td>使用ASCII码进行传输</td>
</tr>
<tr>
<td>timeout</td>
<td>设置重传的超时时间</td>
</tr>
<tr>
<td>quit</td>
<td>退出</td>
</tr>
</tbody></table>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span> echo "i love linux" &gt; /var/lib/tftpboot/readme.txt</span><br><span class="line"><span class="meta">#</span> tftp 192.168.40.131</span><br><span class="line"><span class="meta">tftp&gt;</span> get readme.txt</span><br><span class="line"><span class="meta">tftp&gt;</span> quit</span><br><span class="line">[root@localhost ~]# ls</span><br><span class="line">anaconda-ks.cfg  Desktop  Documents  Downloads  fstab  initial-setup-ks.cfg  Music  Pictures  Public  readme.txt  Templates  Videos</span><br><span class="line">[root@localhost ~]# cat readme.txt </span><br><span class="line">i love linux</span><br></pre></td></tr></table></figure>

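<p>TFTP服务与其他软件相搭配，可组合出一套完整的自动化部署系统方案。需要注意的是，TFTP协议本身不提供身份验证和加密，数据以明文通过UDP传输，因此应只在受信任的内网中启用，并将防火墙放行的69/udp限制在需要访问的网段，同时不要在/var/lib/tftpboot目录中存放敏感文件。</p>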

      
    </div>

    

    
    
    

    

    
      
    
    

    

  </div>
  
  
  
  </article>


  </div>


          </div>
          

  
    <div class="comments" id="gitalk-container">
    </div>

  



        </div>
        
          
  
  


        
      </div>
    </main>


    
    

    

    

    
  </div>

  



























  


  

  

  

  


  
    


  


  




  

  

  

  

  

  


  

  

  

  

  

  

  

  

</body>
</html>